Event Recording

Patrick Parker - Reimagining Identity and Access Management Processes with Algorithms


We are on the brink of a machine learning revolution in which computers won't just speed up existing security processes but enable the automation of processes and decisions too complex for the human mind to imagine. The machine-reengineering revolution will leverage powerful algorithms and the immense lakes of organizational data to drive changes in business processes that will fundamentally change the way security is managed. This session provides an overview of machine learning and big data technologies as they apply to Identity and Access Management.

The last presentation of the first EIC day is going to be about the future name, your future of identity and access management using algorithms. Ah, this sounds something in my mind, back in my computer science studies as something that optimizes the, the data usage for specific purposes. And I'm very interesting to learn about that. Welcome Patrick Parker. Thank you.
Good to see you. L we're not Patrick Parker. I'm the CEO of empower ID. Happy to talk to you today. My talk is about the revolution that's going on right now using machine learning, artificial intelligence to optimize business processes, gaining efficiency in providing better customer service. Is there, do I have a clicker?
There we go. Okay. So start out the story. Recently, March 15th, there was a competition, the Google deep mind challenge pitting the 18 time world champion of the game go, which is an ancient Chinese game. Something it's the most ancient of all games again against the human being. So the Google team developed AlphaGo AlphaGo was developed by a hundred plus scientists that had 12, a hundred, two CPUs, 176 graphics card processors, and all of the latest machine learning algorithms, specifically using neural networks to calculate strategy, to play against the human being, the best experts in the industry. Estimated that machines were at least 10 years away from being able to challenge a competent human being in the game of go.
So what is machine learning? Machine learning is the ability to program computers so that they can learn and improve their own processes without being explicitly tasked with all the steps in the process. So for example, the AlphaGo could learn by playing games against itself or games against others, and it would get better. And the, the, even the programmers who wrote it could not predict how it would choose its next move and the strategies that it would employ. So the game started out, Lisa do against AlphaGo it very quickly in the first match. AlphaGo was the winner. A lot of people were really shocked. They thought maybe it was a fluke, but seeing how it goes second game AlphaGo made some very interesting move, move that no human player would ever make. Some of them were seemingly as if AlphaGo had had a malfunction, but really what they found out was that it was a very crafty strategy where it was fainting weakness in order to lure Lisa do in until it made a killing move.
So at the end of the fifth games, Lee did win one. They chalked it up to Monte Carlo simulation era in AlphaGo, but he did the AlphaGo was the winner. So for the first time, 10 years ahead of schedule a machine had beaten a human in a game, which is considered more strategic and relying more on what we would call human intuition and strategy than any other game, even more than chess. So that really could be considered well, the machine beat the human, maybe that, you know, that's a downside, but really humans designed the machine. So that is a benefit to all of us. That that technology has progressed at a much faster rate, especially in the last two to three years than anyone had predicted. So the recent study by Harvard business review, there are actually two this year about the application of machine learning technologies to various business challenges to see, to measure productivity, how could it improve our business processes?
So would they analyze was how it could affect processes that were automated processes that typically might have been manual or involving a lot of human interaction that could be automated by machine learning where machines could think like humans, they could understand human language, natural language, and they could make their decisions on their own. Now this whole process automation goes by many names, service delivery. Automation is what a lot of people call it. And they, each of these had the different nuance, robotic process automation, which is non-human interaction with applications to automate the ones you might hear a lot about are machine learning, which is probably the most common term these days, using algorithms to optimize processes and solve problems. And then cognitive. Computing's probably the one that you'll hear the most about coming up, cuz that's the term that IBM has landed on. And that's the term that Microsoft has recently landed on and they've really made major deep investments. They Microsoft at the build conference said that was their key strategy going forward. And they're putting all their investments were not all their investments, but a lot of their investments on cognitive computing.
So when they looked at these 30 pilot companies at the various parts of the business, so the managing customer service managing enterprise risk and compliance, which we're all very concerned about developing and managing new business capabilities, marketing and selling products and services. And then they looked at each of the types of machine learning algorithms that could be applied. They, they found that in for these 30 companies that, which ones were the most effective at producing a value and typical gains when in the 30 companies, they mapped it out to these various areas with managing enterprise risk and compliance mapping to some natural language, which is the understanding of human speech, a lot of anomaly detection, which we would guess that's what your S SIEM solutions, your intrusion detection JS to try to, to fart out behavior predictive analytics, which is also used in those technologies and individual sensing, which is the ability to recognize human faces, to recognize objects and to map what they are.
But what they found is that I have 168 companies. Those companies averaged a, an improvement of two to 10 times of the speed in their processes. So really, really big games, which means money to the bottom line by using these advanced technologies that are just really now coming to fruition. So diving into those natural language processing is a really big one. It's probably one of the biggest right now. You all know theory, Microsoft has Cortana. So the ability to understand natural speech from a human and interpret demeaning of that, and the ability to speak back in big blue from IBM, they have their tone analyzer, their Watson to analyzer, which is really interesting. It can analyze an email or any text to, and, and rate it as far as how friendly it is, how aggressive it is. So you can proof your own emails to see if it sounds you're being a nice guy or you can measure across all of your employees or your customer service to find out who is not sending out emails in a good tone.
So it can even get down to the level of, you know, gauging human emotion. So there's a lot of information here, and this is really used by a lot of the automation, the bots, where you're interacting with what you think as a human being. But it's actually not a human being. I did a little test. Of course, no, machine's perfect. You have to set the machine to solve the right problem. So big blue has, we can ask questions about the weather. Well, if you ask it, does it taste like pizza? It, it can give you weird results. It thought that I was definitely 94% confident that I was asking some question about temperature. So you always have to think, am I a, am I putting the technology against the right, the right problem and working within the parameters? I don't think it was ready for the pizza question.
So also in NA natural language processing sing is speaker verification where you can I voice identify that this person is like an authentication of that person? Speaker well that's speaker verification. Speaker identification is if you hear a lot of noises or a crowded situation, identifying that these are the people matching multiple voices in a conversation to individual people that could be used in a lot of security, especially government applications when sampling very large volumes of recorded sound. Now, the amazing thing is that this extremely advanced technology is becoming ridiculously cheap. This is from Microsoft, they just made a big announcement. They launched their cognitive services API. So pretty much anyone can plug in machine learning and cognitive services into their applications. This is the pricing for the natural language processing. So zero to 50,000 transaction level, you're paying $5 for a thousand transactions, which is, I mean, if you count the cost of any human customer service interaction, if you count the cost of, let's say a password reset to the help desk, you can see how very, very quickly you can save a lot of money.
So a visual sensing is detecting both faces, detecting objects. I think IBM has one or it's Microsoft. I forget which where they can even detect from photos, celebrities matching it against the celebrity database. So you can scan all the photos defined celebrity shots that you didn't know were there, but they're obviously more better uses for this face authentication, other types of applications. So one, one example of a use of this that's super, super high volume, super real world is for FINRA. FINRA's actually a customer of ours. They're the regulatory agency for the Dans stack. So they have to detect fraudulent trades, insider trading across multiple stock exchanges. So they're basically looking for the proverbial needle in the haystack of all those transactions. They're looking for something that was fraudulent, which there's so much money incentive there. Of course, they're gonna try to slip it through. So they use machine learning to analyze 75 plus billion market events every day, hundreds of algorithms, to try to sift through all that data, to find insider trading or fraudulent trades. So very, very effective
Outlier detection is the ability to analyze data, to find which, which one doesn't fit. You know, so this is often used in security analytics to try to detect someone's behavior falls outside the norm. It's also used traditionally in identity management for role mining to find, okay, these people cluster into these job functions and roles, but then this one person just really doesn't fit typically it's because that person's been in the organization and changed jobs. So they just accumulated things they shouldn't have, but that sometimes it could lead to some type of security investigation to see why they have something they shouldn't have.
So that the general idea, if you boil all, boil it all down, the whole machine learning is that you just need to collect the dots, collect everything, you, lots of data, the more data, the better, the more accurate it's gonna be if it's, if it has more data to work with. So you collect the dots, but of course there's so much information. The human mind can't process it. So you use the machine learning algorithms to connect the dots, to look at that vast amount of information and find the patterns to find the, the information that your, your brain could never process in an army of people could never spend enough time to uncover what a machine can uncover extremely fast.
So why is this all becoming possible? There's been a technology explosion in the last couple of years. I mean really rapid evolution. You know, if you look behind the scenes technologies to analyze large volumes of data that could never be analyzed and also even more fascinating in some ways to analyze real time data, you know, thousands to millions of events in real time, as they're coming through and building those predictive models to determine what's happening without having to wait till later, where it's less actionable, you can actually take action as it's happening. You can avoid an event. You can make decisions before customer purchases or before something happens.
So what kind of data, basically, anything that your traditional S IEM like Splunk or IBM or any of them, anything that they would gather and analyze is what are the dots? The things that you'd want to analyze logs, events, click tracking your firewall traffic, pretty much anything you can pump in for analysis. So with this huge volume of data, we're really looking at a different way of, of looking at it, analyzing it, storing it, you know, traditionally you'd have the data warehouses where you're taking all the data and you're trying to normalize it into a structured common SQL format. Now that's just, there's so much data that would never even be possible. Now it's more of what they call a data lake, where you have a repository that you throw the data in and it's natural format. And then it's optimized that these algorithms and processes can crawl through it and analyze it without it being formatted or modified. So the data lake is really multiple consumers can process any of that data in, in a, because it is in a standard accessible format. It's very cheap as well.
So we're moving beyond, you know, the paradigm shift is before it's better tools for humans to look, visualize and understand, but kind of moving to, to somewhere where it wouldn't even be possible. In all cases for humans to understand, it's just, it's beyond the mind's ability to comprehend the amount of data, you know, 1.7 megs by 2020 for every human being on the planet every minute of the day, 44, zetabytes somebody that a ridiculous amount of data that there's no way we could even understand it. So jumping ahead. So role mining is a good example, analyzing the access that people have, you just really your brain can't deduce it down into patterns. It's too much. You need algorithms to, to look at the data and define the clusters who's who are the same, who matches to uncover the hidden patterns.
And of course, this presents a lot of tradit opportunities for traditional workflow. You know, thinking about approvals, how many approvals, automatic dynamic approval based on predictions and patterns, risk based, requiring more approvals, but probably the more interesting application and the one where everybody's investing is on not on the traditional workflows, but what are becoming known as, as service bot or service automation. So the word robot before 1920, the word robot meant forced labor. It was a futile term that was, you know, the term was out. The forced labor was outlawed in by the Austria empire in 18 something. But until 1920, that's what it meant. But in 1920 CapEx, who was a check writer, wrote a play where it was called Ross's universal robots. It was the first use of the term in that manner. They had, they were semi organic, they were built toge.
They were, they had the first robot uprising. So this is really the start of all of all the genre, the terminators, all the movies that were all all well, we all like, I like, I think you liked them probably too. What was this idea? So now moving ahead, the first actual robot was in 1959 in Sweden, which you know, is the first robot, very primitive, very heavy just to move a mechanical arm now. And that's where everyone saw the explosion, lots of mechanical robots, but what they found there's really a paradox. What you'd think was extremely difficult is actually easier than what should be, what you'd think is easy. So they found that the it's requires a lot more computation or computing power to move and have a robot walk like a human and not fall down. That's why they're always so clumsy, but the, but making a robot think like a human mind is actually much, much easier than having it do simple motions.
So that's led to the explosion in technology called service robots and service robots are the ability to have computers think like humans, understand human speech, make decisions without a human being, being involved. And I'm running a long time. So I'll try to speed it up. So this is really considered the next revolution. You know, the first revolution was the physical, the steam engine. The second was the computing and the third is kind of a mix of artificial intelligence robotics to take us into the next level of productivity, lots of information, as, as far as how much time saved, how many full-time employees save, you know, in some cases, for example, the NHS is able to close 180 sets of accounting books every month in just four hours using this technology, a major bank saved over 120 full-time employees, and you'll have cases like a service desk robot answering 62,000 calls a month.
Just things that a human could never do, but they can, if there's a pattern, if they could figure it out, it's faster. And it's definitely a lot less expensive. I think a service robot costs one ninth of an employee in the United States or the UK. So it's huge cost savings. So imagine the service robots, at some point they're, they're in your computers, they're around kind of like our, our little friends from star wars. They're doing tasks, they're thinking on their own. And that's the big difference. It's not a drone where a human has a joystick in a remote control. These are making decisions and doing tasks without any human interaction on their own. So taking that a step further, you can even think of, you know, the sentinels and the matrix security bots that are crawling and looking for patterns on a, a search and destroy mission.
They know what what's right. What's not right. They can shut down access. They can log you out. So just taking that a step further slack, which is a super popular messaging application right now, instant messaging collaboration. They have slack bot and slack bot allows you to work out workflows like this, where you are talking to a bot and a bot is doing things like a detecting events, like a new customer, creating a Salesforce record, sending an email, interacting with all your systems to automate very sophisticated processes. So if you could imagine opportunities and identity, access management, account lock, lockout bot that talks to people when it detects a lockout from a system, why wait for them to call the help desk? Why not have something reach out to them proactively? I'll talk about that one. Realtime access certification bots bots crawling around looking at the data and making decisions and getting tasks done so that humans don't have to wait for that to get done or to do it themselves.
So kind of an account lockout bot, maybe, you know, hello, Bob, I detected an account five filled login attempts. It could reach out and say, and instant message them to say was this, you are, you locked out of this system. Please give me your one time password and it could unlock them. So you could have, you know, replacing mundane, repetitive help desk calls with very intelligent interaction that gets it done quicker. So of course we have to guide these robots properly. We have to build them for the proper processes. And of course they are ethical and legal concerns. As soon as you're letting loose seas bots that can make decisions on their own. You really need to treat them as a different type of identity because they're no longer acting on behalf of someone. They are someone. So they need their rights and access need constrained, cuz you don't want them going wild and accessing too much data in the data lake, performing actions against people. So it's a whole new area of concern for identity management, but there is so much benefit that the money makes sense. It's just gonna happen. It's it's in the process of happening and it's gonna happen. Thank you.
Thank you so much. I think you made a good point. This is the future. This is to come and whether we like it or not, whether yeah, I think this is you made a good point point. Just repeat, because my micro was known. You made a good point. This is the future is going to come. Whether we like it or not
Faster than we thought it was.
Yeah. Nevertheless, there's one question. Could you please put up the question slide? There you go. What is your view on autonomous computing? Should people keep control or can we trust the computers that we build? Think about the go unexpected move example.
It's a, it's a complex question. I think even at Facebook, Facebook where they have the messenger bot, the most complex questions are answered by a team of humans. So it's almost like you need the machine learning to answer the questions, but then there's gonna be, or, or to perform the action. But there'll be such a high volume that you'll probably need machine learning to identify the ones that shouldn't be answered by machine learning and routed to humans. So it's a little bit of a mixed answer.
Yeah. But we will see, wait, we keep control. Right.
We shall see. We shall see.
Yeah. Thank you again, Patrick.
Thank you everyone.

Video Links

Stay Connected

KuppingerCole on social media

Related Videos

Webinar Recording

Evolving Identity and Access Management for the Digital Era

Join Identity & Access Management experts from KuppingerCole Analysts and Broadcom as they discuss how business IT is changing, and the implications for IAM. They will define modern IAM and explain why and how IAM needs to change to support modern app development, regulatory compliance,…

Analyst Chat

Analyst Chat #154: 2022 Wrapped Up - Major Trends in IAM and Cybersecurity

Another year gone already! It's time to take a look back at 2022. Martin Kuppinger and Matthias talk about what happened in the past year and identify top trends in IAM and Cybersecurity. They go beyond technology but also look at processes and business models. By this, they also…

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00